version 2.13.0 (03/08/2018):
libpurple:
* Unified string comparison. (PR #186) (Arkadiy Illarionov)
* Properlly shell escape URI's when opening them. (PR #271 Daniel Kamil Kozar)
* Fix a one byte buffer overread in function purple_markup_linkify
* Fix an issue were utf8 was incorrectly truncated which could lead to
crashes as we were potentially feeding garbage into glib/gtk.
libgnt:
* Fixed build against curses 6.0 with opaque structs set. (#16764 dimstar)
(PR #268 Daniel Kamil Kozar)
* Fixed a crash when resizing the window. (#16680 marcus) (PR #269 Daniel Kamil Kozar)
General:
* Fixed bashism in autotools. (#16836 lameventanas) (PR #267 Daniel Kamil Kozar)
XMPP:
* Show XEP-0066 OOB URLs in any message, not just headlines
* Fix a user after free (#17200 debarshiray) (PR #266 Ethan Blanton)
* Removed pipelining from BOSH connections (#17025 PR #295 Tom Li)
* Don't try to TLS already secured BOSH connections (#17270 PR #293 Tom Li)
IRC:
* Fix "Registration timeout" on SASL auth with InspIRCd servers
(and possibly others not based on charybdis/ratbox/ircd-seven)
* Fix issues with plugins that modify outgoing messages
(such as the custom PART/QUIT feature of the IRC More plugin)
* Fix IRC buffer handling. (#12562 PR #272 Shivaram Lingamneni)
* Properly handle AUTHENTICATE as a normal command with server prefix.
(PR #316 dx)
* Fix a crash caused by a use after free of the MOTD.
* Fix an out of bounds read in irc_nick_skip_mode.
* Fix a write of a single byte before the start of a buffer in
irc_parse_ctcp.
Pidgin:
* Better support for dark themes. (#12572 Alyssa Rosenzweig and Gary Kramlich)
* Fixed IPv6 links by not escaping []'s. (#16391 cyisfor) (PR #270 Daniel Kamil Kozar)
* Only write buddy icons to the cache if they're not already cached. (PR #276 David Woodhouse)
* Rejoin persistent chats after reconnect. (#15687 PR #285 Christof Meerwald)
* Made the WIN32 Transparency plugin work on all platforms. (#3124 PR #287 Daniel Kamil Kozar)
* Ensure search results buttons are labeled (Backport from de2d88e575ee)
* Fix matching unicode smilies. (#17232 gnubfx PR #262 Daniel Kamil Kozar)
* Correctly update mute/unmute status when the remote side mutes/unmutes us. (#17273 PR #302 David Woodhouse)
* Rework the status icon blinking to not used deprecated API. (#17174 zelch PR #264 Daniel Kamil Kozar)
* Don't allow adding a buddy to protocols that don't have an add_buddy callback. (#4061 Paradox)
Finch:
* Fix handling of search results (#17238 David Woodhouse)
Voice & Video:
* Port backend-fs to newer api for farstream relay-info property (#17274 bellet)
version 2.12.0 (03/09/2017):
libpurple:
* Fix an out of bounds memory read in purple_markup_unescape_entity.
CVE-2017-2640
* Fix use of uninitialised memory if running non-debug-enabled versions of glib
* Updated AIM dev and dist ID's to new ones that were assigned by AOL.
* TLS certificate verification now uses SHA-256 checksums.
* Fixed SASL external auth for Freenode.
* Removed the MSN protocol plugin. It has been unusable and dormant for some
time. MSNP18 has been discontinued and the protocol plugin would require a
large update to start working again. See: http://ismsndeadyet.com/ The
third-party Pidgin SkypeWeb plugin, however, should provide enough
functionality as a replacement if people still want to use MSN:
https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb
* Removed Mxit protocol plugin. The service was closed at the end of
September 2016. See
https://pidgin.im/pipermail/devel/2016-September/024078.htm
* Removed the MySpaceIM protocol plugin. The service has been defunct for a
long time. (#15356)
* Remove the Yahoo! protocol plugin. Yahoo has completely
reimplemented their protocol, so this version is no longer operable as
of August 5th, 2016:
https://yahoo.tumblr.com/post/145715934739/q2-2016-progress-report-on-our-product
A new protocol plugin has been written to support the new protocol.
It can be found here: https://github.com/EionRobb/funyahoo-plusplus
This also removes support for Yahoo! Japan. According to
http://messenger.yahoo.co.jp/ the service ended March 26th, 2014.
* Remove the Facebook (XMPP) account option. According to
https://developers.facebook.com/docs/chat the XMPP Chat API service
ended April 30th, 2015. A new protocol plugin has been written,
using a different method, to support Facebook. It can be found at
https://github.com/dequis/purple-facebook/wiki
* Fixed gnutls certificate validation errors that mainly affected google (Dequis)
General
* Replaced instances of d.pidgin.im with developer.pidgin.im and updated the
urls to use https. (#17036)
IRC
* Fixed issue of messages being silently cut off at 500 characters. Large
messages are now split into parts and sent one by one. (#4753)
version 2.11.0 (06/21/2016):
General:
* 2.10.12 was accidentally released with new additions to the API and
should have been released as 2.11.0. Unfortunately, we did not catch
the mistake until after 2.10.12 was released, but we're fixing it now.
See ChangeLog.API for more information.
* Include the Mozilla certificate bundle. This fixes connecting to servers
with certificates from Let's Encrypt.
* Remove all 1024-bit CAs
libpurple:
* media: fix an issue with ximagesink displaying only a corner cut-out of
a larger webcam video (Jakub Adam)
* mediamanager: update output window destruction so that it reflects recent
changes in the media pipeline structure (Jakub Adam)
* Ported Instantbird's CommandUiOps to libpurple (Dequis)
Pidgin:
* Fixed#14962
* Fixed alignment of incoming right-to-left messages in protocols that
don't support rich text
* Fix a potential crash while exiting pidgin
Windows-Specific Changes:
* Use getaddrinfo for DNS to enable IPv6 (#1075)
* Updates to dependencies:
* NSS 3.24 and NSPR 4.12.
AIM:
* Add support for the newer kerberos-based authentication of AIM 8.x
Bonjour
* Fixed building on Mac OSX (Patrick Cloke) (#16883)
ICQ:
* Stop truncating passwords to 8 characters like old ICQ clients did.
(#16692). If you actually needed this, truncate your password
manually by pressing backspace a few times.
IRC:
* Base64-decode SASL messages before passing to libsasl (#16268)
MXit
* Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0120)
* Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0140)
* Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
* Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
(TALOS-CAN-0118)
* Fixed a remote buffer overflow vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0119)
* Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0123)
* Fixed a directory traversal issue. Discovered by Yves Younan of Cisco
Talos (TALOS-CAN-0128)
* Fixed a remote denial of service vulnerability that could result in
a null pointer dereference. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0133)
* Fixed a remote denial of service that could result in an out-of-bounds
read. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0134)
* Fixed multiple remote buffer overflows. Discovered by Yves Younan of
Cisco Talos. (TALOS-CAN-0136)
* Fixed a remote NULL pointer dereference. Discovered by Yves Younan of
Cisco Talos (TALOS-CAN-0137)
* Fixed a remote code execution issue discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0142)
* Fixed a remote denial of service vulnerability in contact mood
handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
* Fixed a remote out-of-bounds write vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0139)
* Fix a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0143)
gstreamer is not an option any longer.
version 2.10.12 (MM/DD/YY):
Windows-Specific Changes:
* Updates to dependencies:
* Cyrus SASL 2.1.26
* libxml2 2.9.2
* NSS 3.17.3 and NSPR 4.10.7
* Perl 5.20.1
* SILC 1.1.12
* Remove support for Tcl plugins
Gadu-Gadu:
* Updated internal libgadu to version 1.12.1.
version 2.10.11 (11/23/14):
General:
* Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
plugin (#16412)
* Improve default cipher suites used with the NSS plugin (#16262)
* Add NSS Preferences plugin which allows the SSL/TLS Versions and
cipher suites to be configured (#8061)
Gadu-Gadu:
* Fix a bug that prevented plugin to load when compiled without GnuTLS.
(mancha) (#16431)
* Fix build for platforms without AF_LOCAL definition. (#16404)
MSN:
* Fix broken login due to server change (dx, TReKiE). (#16451, #16455)
* Fail early when buddy list is unavailable instead of wasting bandwidth
endlessly re-trying.
version 2.10.10 (10/22/14):
General:
* Check the basic constraints extension when validating SSL/TLS
certificates. This fixes a security hole that allowed a malicious
man-in-the-middle to impersonate an IM server or any other https
endpoint. This affected both the NSS and GnuTLS plugins. (Discovered
by an anonymous person and Jacob Appelbaum of the Tor Project, with
thanks to Moxie Marlinspike for first publishing about this type of
vulnerability. Thanks to Kai Engert for guidance and for some of the
NSS changes) (CVE-2014-3694)
* Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
(Elrond and Ashish Gupta) (#15909)
libpurple3 compatibility:
* Encrypted account passwords are preserved until the new one is set.
* Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes:
* Don't allow overwriting arbitrary files on the file system when the
user installs a smiley theme via drag-and-drop. (Discovered by Yves
Younan of Cisco Talos) (CVE-2014-3697)
* Updates to dependencies:
* NSS 3.17.1 and NSPR 4.10.7
Finch:
* Fix build against Python 3. (Ed Catmur) (#15969)
Gadu-Gadu:
* Updated internal libgadu to version 1.12.0.
Groupwise:
* Fix potential remote crash parsing server message that indicates that
a large amount of memory should be allocated. (Discovered by Yves Younan
and Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC:
* Fix a possible leak of unencrypted data when using /me command
with OTR. (Thijs Alkemade) (#15750)
MXit:
* Fix potential remote crash parsing a malformed emoticon response.
(Discovered by Yves Younan and Richard Johnson of Cisco Talos)
(CVE-2014-3695)
XMPP:
* Fix potential information leak where a malicious XMPP server and
possibly even a malicious remote user could create a carefully crafted
XMPP message that causes libpurple to send an XMPP message containing
arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
Aurich) (CVE-2014-3698)
* Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo:
* Fix login when using the GnuTLS library for TLS connections. (#16172)
version 2.10.8 (1/28/2014):
General:
* Python build scripts and example plugins are now compatible with
Python 3. (Ashish Gupta) (#15624)
libpurple:
* Fix potential crash if libpurple gets an error attempting to read a
reply from a STUN server. (Discovered by Coverity static analysis)
(CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by
Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with
chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
(CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths.
(Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.
Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than
attempting to run the file. This reduces the chances of a user
clicking on a link and mistakenly running a malicious file.
(Originally discovered by James Burton, Insomnia Security. Rediscovered
by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
* NSS 3.15.4 and NSPR 4.10.2
* Pango 1.29.4-1daa
Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
* Fix untrusted certificate error.
AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM
session.
Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
(Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
(CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it
didn't work either. Account registration also caused a crash. Both
functions are available using official Gadu-Gadu website.
IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger
a crash by not sending enough arguments with various messages.
(Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
MSN:
* Fix NULL pointer dereference parsing headers in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not
remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
(CVE-2013-6487)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.
SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
Yamaguchi and Christian Wressnegger of the University of Goettingen)
(CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a
resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but
a subsequent mechanism would otherwise work when using Cyrus SASL.
(#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive
multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8.
(Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could
trigger a crash. (CVE-2013-6481)
Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.
version 2.10.7 (02/13/2013):
Alien hatchery:
* No changes
General:
* The configure script will now exit with status 1 when specifying
invalid protocol plugins using the --with-static-prpls and
--with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
* Fix a crash when receiving UPnP responses with abnormally long values.
(CVE-2013-0274)
* Don't link directly to libgcrypt when building with GnuTLS support.
(Bartosz Brachaczek) (#15329)
* Fix UPnP mappings on routers that return empty <URLBase/> elements
in their response. (Ferdinand Stehle) (#15373)
* Tcl plugin uses saner, race-free plugin loading.
* Fix the Tcl signals-test plugin for savedstatus-changed.
(Andrew Shadura) (#15443)
Pidgin:
* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11
variant.
Gadu-Gadu:
* Fix a crash at startup with large contact list. Avatar support for
buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
(#13270)
* Print topic setter information at channel join. (#13317)
MSN:
* Fix SSL certificate issue when signing into MSN for some users.
* Fix a crash when removing a user before its icon is loaded. (Mark
Barfield) (#15217)
MXit:
* Fix a bug where a remote MXit user could possibly specify a local
file path to be written to. (CVE-2013-0271)
* Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution. (CVE-2013-0272)
* Display farewell messages in a different colour to distinguish
them from normal messages.
* Add support for typing notification.
* Add support for the Relationship Status profile attribute.
* Remove all reference to Hidden Number.
* Ignore new invites to join a GroupChat if you're already joined, or
still have a pending invite.
* The buddy's name was not centered vertically in the buddy-list if they
did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
Sametime:
* Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID. (CVE-2013-0273)
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
(#15053)
* Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
Plugins:
* The Voice/Video Settings plugin supports using the sndio GStreamer
backends. (Brad Smith) (#14414)
* Fix a crash in the Contact Availability Detection plugin. (Mark)
(#15327)
* Make the Message Notification plugin more friendly to non-X11 GTK+,
such as MacPorts' +no_x11 variant.
version 2.10.4 (05/06/2012):
General:
* Support building against Farstream in addition to Farsight.
(Olivier Crete) (#14936)
IRC:
* Disable periodic WHO timer. IRC channel user lists will no
longer automatically display away status, but libpurple will be
much kinder to the network.
* Print unknown numerics to channel windows if we can associate
them. Thanks to Marien Zwart. (#15090)
MSN:
* Fix a possible crash when receiving messages with certain characters
or character encodings. Thanks to Fabian Yamaguchi for reporting
this!
XMPP:
* Fix a possible crash when receiving a series of specially crafted
file transfer requests. Thanks to José Valentín Gutiérrez for
reporting this! (CVE-2012-2214)
Windows-Specific Changes:
* Words added to spell check dictionaries are saved across restarts of
Pidgin (#11886)
(fixes CVE-2011-3594, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4939
and CVE-2012-1178)
version 2.10.3 (03/26/2012):
* Fix buddies not going offline.
version 2.10.2 (03/14/2012):
General:
* Fix compilation when using binutils 2.22 and new GDK pixbuf. (#14799)
* Fix compilation of the MXit protocol plugin with GLib 2.31. (#14773)
Pidgin:
* Add support for the GNOME3 Network dialog. (#13882)
* Fix rare crash. (#14392)
* Add support for the GNOME3 Default Application dialog for configuring
the Browser.
libpurple:
* Support new connection states and signals for NetworkManager 0.9+.
(Dan Williams) (#13859)
AIM and ICQ:
* Fix a possible crash when receiving an unexpected message
from the server. (Thijs Alkemade) (#14983)
* Allow signing on with usernames containing periods and
underscores. (#13500)
* Allow adding buddies containing periods and underscores. (#13500)
* Don't try to format ICQ usernames entered as email addresses.
Gets rid of an "Unable to format username" error at login. (#13883)
MSN:
* Fix possible crashes caused by not validating incoming messages as
UTF-8. (Thijs Alkemade) (#14884)
* Support new protocol version MSNP18. (#14753)
* Fix messages to offline contacts. (#14302)
Windows-Specific Changes:
* Fix the installer downloading of spell-checking dictionaries (#14612)
* Fix compilation of the Bonjour protocol plugin. (#14802)
Plugins:
* The autoaccept plugin will no longer reset the preference for unknown
buddies to "Auto Reject" in certain cases. (#14964)
version 2.10.1 (12/06/2011):
Finch:
* Fix compilation on OpenBSD.
AIM and ICQ:
* Fix remotely-triggerable crashes by validating strings in a few
messages related to buddy list management. Thanks to Evgeny Boger
for reporting this! (#14682)
Bonjour:
* IPv6 fixes (Linus Lüssing)
Gadu-Gadu:
* Fix problems linking against GnuTLS. (#14544)
IRC:
* Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary
encoding. (#14700)
Jabber:
* Fix crashes and memory leaks when receiving malformed voice
and video requests. Thanks to Thijs Alkemade for reporting this!
Sametime:
* Separate "username" and "server" when adding new Sametime accounts.
(#14608)
* Fix compilation in Visual C++. (#14608)
SILC:
* Fix CVE-2011-3594, by UTF-8 validating incoming messages before
passing them to glib or libpurple. Identified by Diego Bauche
Madero from IOActive. (#14636)
Yahoo!:
* Fetch buddy icons in some cases where we previously weren't. (#13050)
Windows-Specific Changes:
* Fix compilation
While here, better fix for PR#45190.
chat/finch itself does not depend on devel/nspr.
chat/libpurple without gnutls option, libpurple is linked with nspr,
so it must be handle in libpurple/buildlink3.mk.
version 2.10.0 (08/18/2011):
Pidgin:
* Make the max size of incoming smileys a pref instead of hardcoding it.
(Quentin Brandon) (#5231)
* Added a plugin information dialog to show information for plugins
that aren't otherwise visible in the plugins dialog.
* Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is still the
minimum supported) (#14261)
libpurple:
* Fix a potential crash in the Log Reader plugin when reading QIP logs.
* Fix a large number of strcpy() and strcat() invocations to use
strlcpy() and strlcat(), etc., forestalling an entire class of
string buffer overrun bugs.
(The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer,
Jacob Appelbaum)
* Change some filename manipulations in filectl.c to use MAXPATHLEN
instead of arbitrary length constants. (The Electronic Frontier
Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
* Fix endianness-related crash in NTLM authentication (Jon Goldberg)
(#14163)
Gadu-Gadu:
* Fixed searching for buddies in public directory. (Tomasz Wasilczyk)
(#5242)
* Better status message handling. (Tomasz Wasilczyk) (#14314)
* Merged two buddy blocking methods. (Tomasz Wasilczyk) (#5303)
* Fix building of the bundled libgadu library with older versions
of GnuTLS. (patch plucked from upstream) (#14365)
ICQ:
* Fix crash selecting Tools->Set Mood when you're online with an
ICQ account that is configured as an AIM account. (#14437)
IRC:
* Fix a crash when remote users have certain characters in their
nicknames. (Discovered by Djego Ibanez) (#14341)
* Fix the handling of formatting following mIRC ^O (#14436)
* Fix crash when NAMES is empty. (James McLaughlin) (#14518)
MSN:
* Fix incorrect handling of HTTP 100 responses when using the HTTP
connection method. This can lead to a crash. (Discovered by Marius
Wachtler)
* Fix seemingly random crashing. (#14307)
* Fix a crash when the account is disconnected at the time we are doing a
SB request. (Hanzz, ported by shlomif) (#12431)
XMPP:
* Do not generate malformed XML ("</>") when setting an empty mood.
(#14342)
* Fix the /join <room> behavior. (Broken when adding support for
<room>@<server>) (#14205)
Yahoo!/Yahoo! JAPAN:
* Fix coming out of idle while in an unavailable state
* Fix logging into Yahoo! JAPAN. (#14259)
Windows-Specific Changes:
* Open an explorer.exe window at the location of the file when clicking
on a file link instead of executing the file, because executing a file
can be potentially dangerous. (Discovered by James Burton of
Insomnia Security) (Fixed by Eion Robb)
version 2.9.0 (06/23/2011):
Pidgin:
* Fix a potential remote denial-of-service bug related to displaying
buddy icons.
* Significantly improved performance of larger IRC channels (regression
introduced in 2.8.0).
* Fix Conversation->Add on AIM and MSN.
* Entries in the chat user list are sorted properly again. This was
inadvertenly broken in 2.8.0.
Finch:
* Fix logging in to ICQ.
libpurple:
* media: Actually use the specified TCP port from the TURN configuration to
create a TCP relay candidate.
AIM and ICQ:
* Fix crashes on some non-mainstream OSes when attempting to
printf("%s", NULL). (Clemens Huebner) (#14297)
Plugins:
* The Evolution Integration plugin compiles again.
version 2.8.0 (06/07/2011):
General:
* Implement simple silence suppression for voice calls, preventing
wasted bandwidth for silent periods during a call. (Jakub Adam)
(half of #13180)
* Added the DigiCert High Assurance CA-3 intermediate CA, needed for
validation of the Facebook XMPP interface's certificate.
* Removed the QQ protocol plugin. It hasn't worked in a long time and
isn't being maintained, therefore we no longer want it.
Pidgin:
* Duplicate code cleanup. (Gabriel Schulhof) (#10599)
* Voice/Video call window adapts correctly to adding or removing
streams on the fly. (Jakub Adam) (half of #13535)
* Don't cancel an ongoing call when rejecting the addition of a
stream to the existing call. (Jakub Adam) (#13537)
* Pidgin plugins can now override tab completion and detect clicks on
usernames in the chat userlist. (kawaii.neko) (#12599)
* Fix the tooltip being destroyed when it is full of information and
cover the mouse (dliang) (#10510)
libpurple:
* media: Allow obtaining active local and remote candidates. (Jakub
Adam) (#11830)
* media: Allow getting/setting video capabilities. (Jakub Adam) (half
of #13095)
* Simple Silence Suppression is optional per-account. (Jakub Adam)
(half of #13180)
* Fix purple-url-handler being unable to find an account.
* media: Allow adding/removing streams on the fly. (Jakub Adam)
(half of #13535)
* Support new connection states in NetworkManager 0.9. (Dan Williams)
(#13505)
* When removing a buddy, delete the pounces associated with it.
(Kartik Mohta) (#1131)
* media: Allow libpurple and plugins to set SDES properties for RTP
conferences. (Jakub Adam) (#12981)
* proxy: Add new "Tor/Privacy" proxy type that can be used to
restrict operations that could leak potentially sensitive data
(e.g. DNS queries). (#11110, #13928)
* media: Add support for using TCP relaying with TURN (will only work with
libnice 0.1.0 and later).
AIM:
* Fix setting icons with dimensions greater than 64x64 pixels by scaling
them down to at most 64x64. (#12874, #13165)
Gadu-Gadu:
* Allow showing your status only to buddies. (Mateusz Piękos) (#13358)
* Updated internal libgadu to version 1.10.1. (Robert Matusewicz,
Krzysztof Klinikowski) (#13525)
* Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk)
(#14248)
* Suppress blank messages that happen when receiving inline
images. (Tomasz Wasilczyk) (#13554)
* Fix sending inline images to remote users, don't crash when
trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
* Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk,
Krzysztof Klinikowski) (#13362, #13590)
* Require libgadu 1.11.0 to avoid using internal libgadu.
* Optional SSL connection support for GNUTLS users (not on Windows
yet!). (Tomasz Wasilczyk) (#13613, #13894)
* Don't count received messages or statuses when determining whether
to send a keepalive packet. (Jan Zachorowski) (#13699)
* Fix a crash when receiving images on Windows or an incorrect
timestamp in the log when receiving images on Linux. (Tomasz
Wasilczyk) (#10268)
* Support XML events, resulting in immediate update of other users'
buddy icons. (Tomasz Wasilczyk) (#13739)
* Accept poorly formatted URLs from other third-party clients in
the same manner as the official client. (Tomasz Wasilczyk)
(#13886)
ICQ:
* Fix setting icons with dimensions greater than 64x64 pixels by scaling
them down to at most 64x64. (#12874, #13165)
* Fix unsetting your mood when "None" is selected. (Dustin Gathmann)
(#11895)
* Ignore Daylight Saving Time when performing calculations related to
birthdays. (Dustin Gathmann) (#13533)
* It is now possible to specify multiple encodings on the Advanced
tab of an ICQ account's settings by using a comma-delimited list.
(Dmitry Utkin) (#13496)
IRC:
* Add "authserv" service command. (tomos) (#13337)
MSN:
* Fix a hard-to-exploit crash in the MSN protocol when using the
HTTP connection method (Reported by Marius Wachtler).
MXit:
* Support for an Invite Message when adding a buddy.
* Fixed bug in splitting-up of messages that contain a lot of links.
* Fixed crash caused by timer not being disabled on disconnect.
(introduced in 2.7.11)
* Clearing of the conversation window now works.
* When receiving an invite you can display the sender's profile
information, avatar image, invite message.
* The Change PIN option was moved into separate action.
* New profile attributes added and shown.
* Update to protocol v6.3.
* Added the ability to view and invite your Suggested Friends,
and to search for contacts.
* Also display the Status Message of offline contacts in their
profile information.
XMPP:
* Remember the previously entered user directory when searching.
(Keith Moyer) (#12451)
* Correctly handle a buddy's unsetting his/her vCard-based avatar.
(Matthew W.S. Bell) (#13370)
* Squash one more situation that resulted in duplicate entries in
the roster (this one where the server reports the buddy as being
in the same (empty) group. (Reported by Danny Mayer)
Plugins:
* The Voice/Video Settings plugin now includes the ability to test
microphone settings. (Jakub Adam) (#13182)
* Fix a crash when handling some saved settings in the Voice/Video
Settings plugin. (Pat Erley) (13290, #13774)
Windows-Specific Changes:
* Fix building libpurple with Visual C++ .NET 2005. This was
accidentally broken in 2.7.11. (Florian Quèze)
* Build internal libgadu using packed structs, fixing several
long-standing Gadu-Gadu issues. (#11958, #6297)
General:
* Our bundled libgadu should now build on HP-UX.
* Fix some instances of file transfers never completing.
Pidgin:
* Sort by Status no longer causes buddies to move around when you click them.
* Fix embedding in the system tray on older GTK+ releases (such as on CentOS
5.5 and older Fedora).
* No longer require libstartup-notification for startup notification support.
GTK+ has included support for years, so use it instead.
AIM:
* Fix a bug where some buddies from your buddy list might not show up.
Affected non-English ICQ users the most.
* Send keepalives for all types of network connections. Will hopefully make
chat rooms more reliable.
MSN:
* Fix bug that prevented added buddies to your buddy list in certain
circumstances.
MXit:
* MXit plugin and reported client version now follow the libpurple version.
* Don't try to request profile information for non-user contacts.
* Allow Re-Invite for contacts in Deleted or Rejected state.
* Ensure we don't send packets too fast to the MXit server and trigger its
flood-detection mechanism. Also increased the internal packet queue to 32
packets.
XMPP:
* Fix building on platforms with an older glib (inadvertantly broken in 2.7.10).
* Don't treat the on-join status storms as 'new arrivals'.
* Extend the /join command to support room JIDs, enabling you to join a room on
any server.
* Add support for receiving a limited amount of history when joining a room
(not currently supported by Pidgin and Finch).
Yahoo!/Yahoo! JAPAN:
* Fix CVE-2011-1091, denials of service caused by NULL pointer dereferences due
to improper handling of malformed YMSG packets.
* Force video sources to all have the same capabilities. This reduces the number of times video must be scaled down, saving CPU time.
* Starting multiple video calls and ending one no longer causes the other calls
to stop sending audio and video.
* Perl bindings now respect LDFLAGS.
* Added AddTrust External Root CA.
* Resolve some issues validating X.509 certificates signed off the CAcert Class
3 intermediate cert when using the GnuTLS SSL/TLS plugin.
John: Just a quick release for a security fix here. Elliott has not
yet had a chance to work on the MSN breakage that's been present in
the last couple releases, but we hope he can do it before 2.7.10!
Changes 2.7.8:
Elliott: OK, so I know a few things broke with the last release, and
it's too bad we had to rush it for that silly certificate thing that
the MSN people can't configure properly. I've certainly done a lot of
small fixes this time, but it's too bad we haven't been able to get the
transfers with the official client fixed yet. I promise it'll be in
the next release (barring any quick security issues).
John: So, it's been about a month since we last released. Again, we've
assembled a bugfix release for your enjoyment. While a few commonly
reported bugs remain, particularly in MSN, we're working on it for the
next release. In the meantime, Merry Christmas and enjoy!
Changes 2.7.7:
John: Well, this time around, we should finally have the certificate
issue really and fully fixed for all of you MSN users. Also, we have
a few AIM-related fixes in this release, most notably the fix for the
new "SSL Handshake Failure" message some of you got after upgrading.
That one was an oversight on our part. Enjoy the fixes!
* Lots of little incremental bug fixes and enhancements in this release.
* Finally got some fixes out there for you Yahoo users behind some
particularly annoying firewalls and proxies, among other fixes. Enjoy!
Changes 2.7.2:
* We discovered a security issue in Pidgin 2.7.0 and 2.7.1 and decided to
release a patched version quickly. This release contains the fix for that
crash, and a few other minor fixes.
Additional changes:
Fix farsight handling in libpurple.
Set LICENSE.
2.6.2 (09/05/2009):
Mark: Woo boy it's been a busy two weeks. There was a lot of new code
in 2.6.0, and with new code comes new bugs. The cadre of relentless
developers responsible for Pidgin have been hard at work, and I believe
they have fixed all the major bugs that cropped up. My thanks to all
those names listed as Current Developers in Pidgin's 'About' window.
Elliott: Well now, just as Mark said, there was a lot of new stuff that
probably came up with tons of bugs. So I can't say I wrote anything
super-awesome, but I definitely fixed quite a few of those itty-bitty
why-didn't-this-work-this-way sort of bugs.
Update:
chat/finch to 2.6.1
chat/libpurple to 2.6.1
chat/pidgin to 2.6.1
chat/pidgin-sametime to 2.6.1
chat/pidgin-silc to 2.6.1
major changes:
o addition of farsight support for voice/video chats (untested, new option on by default)
o addition of dependency on devel/libidn
o addition of gstreamer option for libpurple (on by default)
ICQ:
* Fix misparsing a web message as an SMS message. (Yuriy Kaminskiy)
MSN:
Increase NS command history size to prevent crashes on buddy lists that
have a lot of buddies on other networks like Yahoo!.
MySpace:
* Accounts with empty buddy lists are now properly marked as connected.
* Fix receiving messages from users of MySpace IM's web client.
Yahoo:
* Fixed phantom online buddies. They should now properly disappear when
signing out.
* Fixed the crashes some users were seeing with cn.scs.msg.yahoo.com in
2.5.7.
* Fixed compiling on systems with glib 2.4.x or older.
* Fixed an issue with file transfers. This may not resolve all issues,
but it should resolve at least some of the most common ones.
* The pager server will automatically update to scsa.msg.yahoo.com if the
user empties the field or if it is scs.msg.yahoo.com. This should ease
the pain of transition to the new login method.
XMPP:
* Fix an incompatibility betweeen Prosody and libpurple clients.
* Yahoo Protocol 16 support, including new HTTPS login method; this should
fix a number of login problems that have recently cropped up. (Sulabh
Mahajan, Mike "Maiku" Ruprecht)
* Only display the AIM "Unable to Retrieve Buddy List" message once per
connection. (Rob Taft)
* Blocking MSN users not on your buddy list no longer disconnects you.
* When performing operations on MSN, assume users are on the MSN/Passport
network if we don't get network ID's for them.
version 2.5.5;
version 2.5.5 (03/01/2009):
libpurple:
* Fix a crash when removing an account with an unknown protocol id.
* Beta support for SSL connections for AIM and ICQ accounts. To
enable, check the "Use SSL" option from the Advanced tab when
editing your AIM or ICQ account. (Paul Aurich)
* Fix a memory leak in SILC. (Luke Petre)
* Fix some string handling in the SIMPLE prpl, which fixes some buddy name
handling and other issues. (Paul Aurich, Marcus Sundberg)
* Implement support for resolving DNS via the SOCKS4 proxy (SOCKS4a).
ICQ:
* Fix retrieval of status messages from users of ICQ 6.x, Miranda, and
other libpurple clients. (Daniel Ljungborg)
* Change client ID to match ICQ Basic 14.34.3096. This fixes publishing
of buddy icons and available messages.
* Properly publish status messages for statuses other than Available.
ICQ 6.x users can now see these status messages. (Daniel Ljungborg)
* Fix receipt of messages from the mobile client Slick. (David Jedelsky)
MSN:
* Fix transfer of buddy icons, custom smileys, and files from the
latest Windows Live Messenger 9 official client. (Thomas
Gibson-Robinson)
* Large (multi-part) messages are now correctly re-combined.
* Federated/Yahoo! buddies should now stop creating sync issues at
every signin. You may need to remove duplicates in the Address
Book. See the FAQ for more information. Thanks to Jason Lingohr
for lots of debugging and testing.
* Messages from Yahoo! buddies are no longer silently dropped.
* We now save and use the CacheKey for ABCH SOAP requests.
* Don't try to parse Personal Status Messages or Current Media if they
don't exist.
* Convert from ISO-8859-1 encoding to UTF-8 when no charset is specified
on incoming messages. This should fix some issues with messages from
older clients.
* Force sending the font "Segoe UI" if outgoing formatting doesn't specify
a font already.
* Queue callbacks when token updates are in progress to prevent two token
update attempts from trampling each other.
* Fixed a crash on Windows when removing a buddy's alias.
* Update the Address Book when buddies' friendly names change. This
prevents seeing an outdated alias or not seeing an alias at all for
buddies who are offline when you sign in.
* Update tokens for FindMembership and ABFindAll SOAP requests.
* We no longer try to send empty messages. This could happen when a
message contained only formatting and that formatting was not supported
on MSN.
* Buddies on both the Allow and Block list are now automatically
removed from the Allow list. Users with this problem will now no
longer receive an ADL 241 error. The problematic buddy should now
appear on the buddy list and can be removed or unblocked as desired.
XMPP:
* Resources using __HOSTNAME__ substitution will now grab only the short
hostname instead of the FQDN on systems which put the FQDN in the
hostname. (Matěj Cepl)
* No longer send a 'to' attribute on an outgoing stanza when we haven't
received one. This fixes a registration bug as described in ticket
#6635.
Pidgin:
* Tooltip windows now appear below the mouse cursor. (Kosta Arvanitis)
* Tooltip windows now disappear on keypress events. (Kosta Arvanitis)
* Tooltip windows no longer linger when scrolling the buddy list. (Kosta
Arvanitis)
Finch:
* Allow rebinding keys to change the focused widget (details in the
man-page, look for GntBox::binding)
version 2.5.4 (01/12/2009):
libpurple:
* Fix a connection timeout with empty Gadu-Gady buddy lists. (Martin
Rosinski)
* Don't ignore namespace information when parsing XMPP data. (Michal
Witkowski)
* Fix a crash that occurred when retrieving certain Offline Messages
on MSN.
* Extended purple-url-handler to handle "gtalk" URI's. (Paul Aurich)
* Fix the hang on exit in Network Location Awareness for Windows XP
and Windows Vista. (Paul Aurich)
MSN:
* Change Contact Server to temporarily fix connection problems.
(Thanks to Youness Alaoui)
XMPP:
* Support for XEP-0191 blocking. (Vijay Raghunathan)
* Don't put SASL PLAIN or IQ Auth passwords in debug logs. (Paul Aurich)
* Fix removal of avatars (both PEP and vCard), we weren't removing
them correctly before. (Paul Aurich)
Pidgin:
* Fix a crash in the Add Account dialog when changing protocols under
certain circumstances.
Finch:
* Redirect stderr outputs to the debug window.
* Fix rebinding actions with the arrow-keys and tab.
version 2.5.3;
Version 2.5.3 (12/20/2008)
* libpurple
o The Buddy State Notification plugin no longer prints duplicate notifications when the same buddy is in multiple groups. (Florian Quèze)
o The Buddy State Notification plugin no longer turns JID's, MSN Passport ID's, etc. into links. (Florian Quèze)
o purple-remote now has a "getstatusmessage" command to retrieve the text of the current status message.
o Various fixes to the nullprpl. (Paul Aurich)
o Fix a crash when accessing the roomlist for an account that's not connected. (Paul Aurich)
o Fix a crash in purple_accounts_delete that happens when this function is called before the buddy list is initialized. (Florian Quèze)
o Fix use of av_len in perl bindings to fix some off-by-one bugs. (Paul Aurich)
o On ICQ, advertise the ICQ 6 typing capability. This should fix the reports of typing notifications not working with third-party clients. (Jaromír Karmazín)
o Many QQ fixes and improvements, including the ability to connect using QQ2008 protocol and sending/receiving of long messages. The recommended version to use is still QQ2005.
o Fix a crash with DNS SRV lookups. (Florian Quèze)
o Fix a crash caused by authorization requests. (Florian Quèze)
* Gadu-Gadu
o Add support for IM images. (Tomasz Sałaciński, Adam Strzelecki)
o Gadu-Gadu now checks that UID's are valid. (Adam Strzelecki)
o Gadu-Gadu now does proper charset translations where needed. (Adam Strzelecki)
* MSN
o Fix an error with offline messages by shipping the new "Microsoft Secure Server Authority" and the "Microsoft Internet Authority" certificates. These are now always installed even when using --with-system-ssl-certs because most systems don't ship those intermediate certificates.
o The Games and Office media can now be set and displayed (in addition to the previous Music media). The Media status text now shows the album, if possible.
o Messages sent from a mobile device while you were offline are now correctly received.
o Server transfers after you've been connected for a long time should now be handled correctly.
o Many improvements to handling of "federated" buddies, such as those on the Yahoo network.
o Several known crashes have been resolved.
o Many other fixes and code cleanup.
* MySpace
o Respect your privacy settings set using the official MySpace client.
o Add support for blocking buddies.
o Fix a bug where buddies didn't appear in their correct groups the first time you sign into your account.
o Properly disconnect and sign out of the service when logging off.
o Support for foreground and background font colors in outgoing IMs.
o Support for background font colors in incoming IMs.
o Many other fixes and code cleanup.
* Sametime
o Fix insanely long idle times for Sametime 7.5 buddies by assuming 0 idle time if the idle timestamp is in the future. (Laurent Montaron)
o Fix a crash that can occur on login. (Raiko Nitzsche)
* SIMPLE
o Fix a crash when a malformed message is received.
o Don't allow connecting accounts if no server name has been specified. (Florian Quèze)
* XMPP
o Fix the namespace URL we look for in PEP reply stanzas to match the URL used in the 'get' requests (Paul Aurich)
o Resources can be set to the local machine's hostname by using __HOSTNAME__ as the resource string. (Jonathan Sailor)
o Resources can now be left blank, causing the server to generate a resource for us where supported. (Jonathan Sailor)
o Resources now default to no value, but "Home" is used if the server refuses to provide a resource.
o Quit trying to get user info for MUC's. (Paul Aurich)
o Send "client-accepts-full-bind-result" attribute during SASL login. This will fix Google Talk login failures if the user configures the wrong domain for his/her account.
o Support new <metadata/> element to indicate no XEP-0084 User Avatar. (Paul Aurich)
o Fix SHA1 avatar checksum errors that occur when one of the bytes in a checksum begins with 0. (Paul Aurich)
o Fix a problem with duplicate buddies. (Paul Aurich)
* Yahoo
o Corrected maximum message lengths for Yahoo!
o Fix file transfers with older Yahoo protocol versions.
* Zephyr
o Enable auto-reply, to emulate 'zaway.' (Toby Schaffer)
o Fix a crash when an account is configured to use tzc but tzc is not installed or the configured tzc command is invalid. (Michael Terry)
o Fix a 10 second delay waiting on tzc if it is not installed or the configured command is invalid. (Michael Terry)
* Pidgin
o On GTK+ 2.14 and higher, we're using the gtk-tooltip-delay setting instead of our own (hidden) tooltip_delay pref. If you had previously changed that pref, add a line like this to ~/.purple/gtkrc-2.0 (where 500 is the timeout (in ms) you want):
gtk-tooltip-timeout = 500
To completely disable tooltips (e.g. if you had an old tooltip_delay of zero), add this to ~/.purple/gtkrc-2.0:
gtk-enable-tooltips = 0
o Moved the release notification dialog to a mini-dialog in the buddylist. (Casey Ho)
o Fix a crash when closing an authorization minidialog with the X then immediately going offline. (Paul Aurich)
o Fix a crash cleaning up custom smileys when Pidgin is closed.
o Fix adding a custom smiley using the context menu in a conversation if no custom smilies have previously been added using the smiley manager.
o Improved support for some message formatting in conversations.
o Allow focusing the coversation history or userlist with F6.
o Fixed the Send Button plugin to avoid duplicate buttons in a single conversation.
o Double-clicking a saved status will now activate it and close the saved status manager, rather than edit the status.
* Finch
o Allow binding meta+arrow keys for actions.
o Added default meta+erase binding for delete previous word.
o Added "Show When Offline" to buddy menus, so a plugin is no longer needed.
Version 2.5.2 (10/19/2008)
* libpurple
o Fixed a crash on removing a custom buddy icon on a buddy.
o Fixed a crash caused by certain self-signed SSL certificates.
o Enable a number of strong ciphers which were previously disabled when using NSS. (Thanks to Marcus Trautwig.)
* Pidgin
o The status selector now saves your message when changing status.
o Fix a case where a conversation window could close unexpectedly.
o A mute sounds option has been added to the preferences window to help with discoverability. CTRL+S is no longer bound to mute.
o Added ability to change the color of visited links (using the theme control plugin, or setting the color in ~/.gtkrc-2.0)
o Fix a crash occuring when a custom smiley is deleted and re-added and used in an open conversation after being re-added.
* Finch
o A new 'Nested Grouping' option in the 'Grouping' plugin. Group hierarchies are defined by the '/' character in the group names.
o A bug was fixed where some key-bindings wouldn't work with some TERMs (e.g. xterm-color, screen-linux etc.)
* MSN
o Operations (such as moving to a new group) on contacts that were added in the same session should now complete correctly, and not cause synchronization errors at next login.
o Minor fixes to login process during a server transfer.
o Restored the "Has You" feature to the MSN protocol tooltips.
o ADL 205/214/etc errors should no longer prevent login.
* XMPP
o Sending and receiving custom smileys using the specification in XEP-0231 (bits of binary) and XHTML-IM
* Yahoo
o Only send a Ping once every hour. This prevents the account from being disconnected from the server periodically.
libpurple:
* In the Join/Part plugin, add the ability to apply the rules to
buddies. By default, joins and parts for buddies are still shown.
* Support SOCKS proxies specified in GNOME or Windows proxy settings.
* Fix some possible crashes in MSNP15.
* Enable a default SSL trust relationship for MSN servers.
* Avoid disconnecting from XMPP servers on parse errors that are
non-fatal.
* Include some perl files that were mistakenly omitted in 2.5.0.
Pidgin:
* Prevent use of custom smilies without "shortcuts."
* Fix a crash that could appear with AIM buddy tooltips.
Artwork:
* General refresh of many icons in the interface.
* Many cleanups to artwork source are now included in the distribution.
* A new "throbber" animation has been added to indicate when accounts
are connecting.
Bump PKGREVISION of non-bundled plug-ins.
Changes for 2.5.0 (08/17/2008) since 2.4.3:
libpurple + pidgin:
- Lots of bug fixes and improvements for the MSN protocol
(MSNP15 support) and MSN "bunny icon" (?).
- Miscellaneous bug fixes, a few new icons, etc.
- The following API changes:
libpurple:
Added:
* Connection flag PURPLE_CONNECTION_ALLOW_CUSTOM_SMILEY to indicate
that the connection supports sending and receiving custom smileys.
* PurpleSmiley and the Smiley API.
* purple_serv_got_join_chat_failed
* chat-join-failed signal (see conversation-signals.dox)
* chat-invite-blocked and blocked-im-msg signals (see
converation-signals.dox) (Thanks to Stefan Ott)
* purple_blist_update_node_icon
* purple_buddy_icons_node_has_custom_icon
* purple_buddy_icons_node_find_custom_icon
* purple_buddy_icons_node_set_custom_icon
* purple_buddy_icons_node_set_custom_icon_from_file
* purple_notify_user_info_prepend_section_break
* purple_notify_user_info_prepend_section_header
* "website" and "dev_website" items to the ui_info hash table
* purple_cmds_get_handle, purple_cmds_init, purple_cmds_uninit
* cmd-added and cmd-removed signals
* purple_get_host_name
* purple_util_fetch_url_len (temporary function overload to add max_len
param)
* purple_util_fetch_url_request_len
* purple_prpl_send_attention
* purple_prpl_got_attention
* purple_prpl_got_attention_in_chat
Deprecated:
* purple_blist_update_buddy_icon
* purple_buddy_icons_has_custom_icon
* purple_buddy_icons_find_custom_icon
* purple_buddy_icons_set_custom_icon
* pidgin_set_custom_buddy_icon
* purple_util_fetch_url_len
* purple_util_fetch_url_request_len
* serv_send_attention
* serv_got_attention
Changed:
* xmlnode_copy now copies the prefix and namespace map for nodes.
pidgin:
Added:
* gtk_imhtml_smiley_create, gtk_imhtml_smiley_reload and
gtk_imhtml_smiley_destroy to deal with GtkIMHtmlSmiley's.
* pidgin_pixbuf_from_imgstore to create a GdkPixbuf from a
PurpleStoredImage.
* pidgin_themes_smiley_themeize_custom to associate custom smileys to
a GtkIMHtml widget.
* GTK_IMHTML_CUSTOM_SMILEY flag for GtkIMHtml.
* GTK+ Custom Smiley API.
i) CVE-2008-2927 fix
ii) the previous version was being rejected from the ICQ network.
version 2.4.3 (07/01/2008):
libpurple:
* Yahoo! Japan now uses UTF-8, matching the behavior of official clients
and restoring compatibility with the web messenger (Yusuke Odate)
* Setting your buddy icon once again works for Yahoo! accounts.
* Fixes in the Yahoo! protocol to prevent a double free, crashes on
aliases, and alias functionality
* Fix crashes in the bonjour protocol
* Always use UTF-8 for Yahoo! (#5973)
* Fix a crash when the given jabber id is invalid.
* Make the IRC "unknown message" debugging messages UTF-8 safe.
* Fix connecting to ICQ
* Fix a memleak when handling jabber xforms.
Pidgin:
* Include the send button plugin in the win32 build
* Various memory leak fixes
o In MySpaceIM, messages from spambots are discarded (Justin Williams)
o Strip mIRC formatting codes from quit and part messages.
o IRC now displays ban lists in-channel for joined channels.
o Fixed a bug where the list of loaded plugins would get removed when
switching between different operating systems.
o Fix reception of IRC PART without a part message on Undernet
(fixes a problem with litter in the channel user list).
o IRC no longer crashes on /list on servers which erroneously omit RPL_LISTSTART
o Update the NetworkManager support to use D-Bus directly, instead of
libnm-glib. Hopefully it's stable now. It will now compile by default if you
have D-Bus support and NetworkManager.h. (Elliott Sales de Andrade)
o MSN buddy list synchronization is now more forgiving, only asking about
buddies who have disappeared completely from the server list and not those
that have simply moved groups.
o IRC will now try to append 1-9 to your nick if it is in use, instead of
substituting the last character with 1-9 where possible.
o Bonjour buddies will be saved persistently if they're moved out of the
"Bonjour" group. (Eion Robb)
* Treat AIM Unicode messages as UTF-16 rather than UCS-2; this should have no functional effect, other than continued support on systems which have dropped UCS-2 conversions.
* Add support for setting buddy icons on Gadu-Gadu (Tomasz Salacinski)
* Fix a crash when clearing the buddy icon for an account on XMPP
* Fix a crash during login for some ICQ accounts
* Prefer more available resources on XMPP when priorities are equal
* Fix incorrectly marking some Yahoo! contacts as blocked
* Improved handling of UTF-8 group names on ICQ (beret)
* Fix a crash when starting if you have a Zephyr account
* Increase XMPP ping timeout to 120 seconds, to prevent poor network connections from timing out unnecessarily.
* Don't crash on XMPP forms with empty default values.
* Fix issues with CHAP authentication for SOCKS5 proxies.
libpurple:
* Added support for offline messages for AIM accounts (thanks to
Matthew Goldstein)
* Fixed various problems with loss of status messages when going
or returning from idle on MySpaceIM.
* Eliminated unmaintained Howl backend implementation for the
Bonjour protocol. Avahi (or Apple's Bonjour runtime on win32) is
now required to use Bonjour.
* Partial support for viewing ICQ status notes (Collin from
ComBOTS GmbH).
* Support for /notice on IRC.
* Support for Yahoo! Messenger 7.0+ file transfer method (Thanumalayan S.)
* Support for retrieving full names and addresses from the address book
on Yahoo! Japan (Yusuke Odate)
* The AIM/ICQ server-side preference for "allow others to see me
as idle" is no longer unconditionally set to "yes" even when
your libpurple preference is "no."
* Fix SSL certificate checks for renewed certificates
* Fix the ability to set vCard buddy icons on Google Talk/XMPP
* D-Bus fixes on 64bit
* Fixed retrieval of buddy icons and setting of server-side aliases on
Yahoo! and Yahoo! Japan when using an HTTP proxy server (Gideon N.
Guillen)
* Fixed an MSN bug that would leave you appearing offline when transferred
to different server
version 2.3.0 (11/24/2007):
http://developer.pidgin.im/query?status=closed&milestone=2.3.0
Some highlights from ChangeLog:
Pidgin:
* Connection errors are now reported in mini-dialogs inside the buddy
list, rather than as buttons in the buddy list and with dialog
boxes. If several accounts are disabled when you sign on elsewhere,
you can now re-enable them all with a single click.
* If you alias a buddy to an alias that is already present within
a particular group, we now offer to merge the buddies into the
same contact.
* A music emblem is now displayed in the buddy list for a buddy if we
know she is listening to some soothing music.
* Added a 'Move to' menu in buddy list context menu for moving buddies
to other groups as an alternative to dragging.
* It is now possible to mark a chat on your buddy list as "Persistent"
so you do not leave the chat when the window or tab is closed.
* The auto-join option for chats is now listed in the "Add Chat"
dialog along with the new persistence option.
* Closing an IM no longer immediately closes your conversation. It
will now remain active for a short time so that if the conversation
resumes, the history will be retained. A preference has been added
to toggle this behavior.
* The "Smiley" menu has been moved to the top-level of the toolbar.
* Pidgin's display is now saved with the command line for session
restoration. (David Mohr)
* ICQ Birthday notifications are shown as buddy list emblems.
* Plugin actions are now available from the docklet context menu
in addition to the Tool menu of the buddy list.
* The manual page has been heavily rewritten to bring it in line
with current functionality.
Finch:
* It's possible to bind key-strokes to specific menuitems in the windows.
Read the 'Menus' section in the man-page for details.
* 'transpose-chars' operation for the entry boxes. The default key-binding
is ctrl+t.
* 'yank' operation for the entry boxes. The default binding is ctrl+y.
(A remote user can cause a DoS by sending a message with invalid HTML.)
version 2.2.2 (10/23/2007):
http://developer.pidgin.im/query?status=closed&milestone=2.2.2
NOTE: Due to the way this release was made, it is possible that
bugs marked as fixed in 2.2.1 or 2.2.2 will not be fixed
until the next release.
* Various bug and memory leak fixes
vulnerability CVE-2007-4996:
"MSN nudges sent from unknown buddies can cause libpurple to crash"
Other changes:
libpurple:
* A few build issues on Solaris were fixed.
* Cancelling the password prompt for an account will no longer leave
it in an ambiguous state. (It will be disabled.)
* Fixed an erroneous size display for MSN file transfers. (galt)
* Fixed multiple memory leaks, particularly in XMPP and MySpace protocols
* Fixed remembering proxy preferences and status scores
* Gmail notifications are better tracked
Pidgin:
* Fixed keyboard tab reordering to move tabs one step instead of two.
* You should no longer lose proxy settings when Pidgin is restarted.
* Fixed detection of X11 when compiling
Finch:
* Pressing 'Insert' in the buddylist will bring up the 'Add Buddy'
dialog.
The intltool that comes bundled with libpurple doesn't like NetBSD's
/usr/bin/iconv, so switch libpurple to use intltool from pkgsrc.
ChangeLog:
Version 2.2.0 (09/13/2007):
http://developer.pidgin.im/query?status=closed&milestone=2.2.0
Libpurple:
* New protocol plugin: MySpaceIM (Jeff Connelly, Google Summer of
Code)
* XMPP enhancements. See
http://www.adiumx.com/blog/2007/07/soc-xmpp-update.php (Andreas
Monitzer, Google Summer of Code for Adium)
* Certificate management. Libpurple will validate certificates on
SSL-encrypted protocols (William Ehlhardt, Google Summer of Code)
* Some adjustments were made to fix sending messages when using
the MSN HTTP method. (Laszlo Pandy)
* Yahoo! Chat is fixed.
* Some AIM file transfer issues between Pidgin and other clients
have been fixed. (Kyryll A Mirnenko)
* Properly restore idle status and time for AIM and ICQ accounts
when they reconnect after being disconnected.
Pidgin:
* Insert Horizontal Rules and Strikethrough text from toolbar.
* Option to show protocol icons in the buddy list, from the
Buddies > Show menu. (Justin Heiner)
* Ability to build with native, non-X11 GTK+ on OSX. (Anders
Hasselqvist)
* Remember the 'Enable Sounds' setting for a conversation.
* Right-clicking the empty space in the formatting toolbar
allows you to toggle back to the old "ungrouped" version.
* Protocols supporting account registration via Pidgin now show
a descriptive checkbox instead of a vague "Register" button.
* Fixed a bug where a tab would be shown on single conversations
when tabs were disabled.
Finch:
* Per-conversation mute and logging options (accessible from the menu).
Version 2.1.1 (08/20/2007):
Yahoo:
* Added an account action to open your inbox in the yahoo prpl.
* Added support for Unicode status messages in Yahoo.
* Server-stored aliases for Yahoo. (John Moody)
* Fixed support for Yahoo! doodling.
* Limited support for MSN Messenger contacts
Bonjour:
* Bonjour plugin uses native Avahi instead of Howl
* Bonjour plugin supports Buddy Icons
XMPP:
* Only report conversation close when 'send typing notifications'
preference is turned on (Bob Rossi)
Pidgin:
* Show current outgoing conversation formatting on the font label on
the toolbar
* Slim new redesign of conversation tabs to maximize number of
conversations that can fit in a window
* Tab bar is not visible when only one conversation is open. You can
drag and drop conversations from the infopane.
* Moved "Reset Formatting" toolbar button to Font menu.
* Double click on the infopane to alias buddies and set topics
on chats
* New smiley style
Finch:
* Sound support (Eric Polino)
Updates of pidgin and finch will follow shortly.
pkgsrc changes are some cleanup and removal of the 900kB patch-ac.
I'm not sure if this will break anything, but nobody knew the reason
of it's existence. Any fallout should be dealt with appropriately instead.
Maintainer reset to pkgsrc-users@ at previous maintainer's wish.
version 2.1.0 (07/28/2007):
libpurple:
* Core changes to allow UIs to use second-granularity for scheduling.
Pidgin and Finch, which use the glib event loop, were changed to use
g_timeout_add_seconds() on glib >= 2.14 when possible. This allows
glib to better group our longer timers to increase power efficiency.
(Arjan van de Ven with Intel Corporation)
* No longer linkifies screennames containing @ signs in join/part
notifications in chats
* With the HTML logger, images in conversations are now saved.
NOTE: Saved images are not yet displayed when loading logs.
* Added support for QIP logs to the Log Reader plugin (Michael Shkutkov)
version 2.0.2 (06/14/2007):
libpurple:
* Moving an ICQ buddy from one group to another no longer
re-requests authorization from that person (Rene Hausleitner)
* Added nullprpl, an example protocol plugin (Ryan Barrett)
* Fixed SOCKS5 bug which caused Jabber file receiving to fail
* Remove MSN's random "Authorization Failed" dialogs
* Fix MSN to correctly detect incorrect passwords and disable the account
* Get User Info on MSN is now more reliable & accurate
* Updated SILC protocol to support SILC Toolkit 1.1 (Pekka Riikonen)
* Fix for some QQ authentication problems
* Fix for building on FreeBSD
* Prevent "Logged in:" times for AIM buddies being ridiculously high
* Updates and fixes to Bonjour support
* Improve ICQ encoding support for some non-latin languages
